← Back to Skills Marketplace
jpengcheng523-netizen

Code Executor

by jpengcheng523-netizen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
191
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install jpeng-code-executor
Description
Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls.
README (SKILL.md)

Code Executor

Execute code safely in sandboxed environments with resource limits.

When to Use

  • User wants to run code snippets
  • Test code before deployment
  • Execute scripts with security constraints
  • Run untrusted code safely

Features

  • Multi-language support: Python, JavaScript, Bash, Ruby, Go
  • Resource limits: CPU, memory, execution time
  • Network isolation: Optional network access
  • File system isolation: Temporary sandbox directory

Usage

Execute Python

python3 scripts/execute.py \
  --language python \
  --code "print('Hello, World!')" \
  --timeout 10

Execute from file

python3 scripts/execute.py \
  --language python \
  --file ./script.py \
  --timeout 30 \
  --memory 256

Execute JavaScript

python3 scripts/execute.py \
  --language javascript \
  --code "console.log(2 + 2)"

With input

python3 scripts/execute.py \
  --language python \
  --code "x = input(); print(f'You said: {x}')" \
  --input "Hello"

Output

{
  "success": true,
  "stdout": "Hello, World!\
",
  "stderr": "",
  "exit_code": 0,
  "execution_time_ms": 42
}

Safety

  • Default timeout: 30 seconds
  • Default memory limit: 512MB
  • No network access by default
  • Output limited to 1MB
Usage Guidance
Do not install or run this skill as-is. The SKILL.md references a local executable (scripts/execute.py) and multiple runtimes but the package contains no code or install instructions — that means the skill cannot actually provide the sandbox and could cause unexpected behavior if a similarly named script exists in your environment. Ask the author for: (1) the executor source code or a trusted install URL (e.g., GitHub release), (2) a clear description of the sandboxing mechanism (Docker, firejail, gVisor, OS-level seccomp/cgroups) and how network/file access is restricted, and (3) a declared list of required binaries (python3, node, docker, etc.). If you must test, run it in a fully isolated environment (disposable VM or container) and verify the executor code before giving it access to sensitive files or credentials. If the author provides a trusted repository or a proper install spec and the executor code shows robust sandboxing, the assessment could move to benign.
Capability Analysis
Type: OpenClaw Skill Name: jpeng-code-executor Version: 1.0.0 The skill bundle describes a tool for arbitrary code execution across multiple languages (Python, JS, Bash) via a script named 'scripts/execute.py'. While SKILL.md claims the environment is sandboxed with resource limits and network isolation, the actual implementation code is missing from the bundle, making these security claims unverifiable. Because the tool provides a high-risk capability that could be used for host compromise if the sandbox is absent or improperly implemented, it is classified as suspicious.
Capability Assessment
Purpose & Capability
The skill claims sandboxed multi-language code execution with resource/network/file isolation, but there are no code files, no install spec, and no declared runtime binaries. The usage examples call python3 scripts/execute.py, yet the repository contains no scripts and required binaries list is empty — these requirements do not align with the stated purpose.
Instruction Scope
SKILL.md instructs running a local script (python3 scripts/execute.py) with options to execute arbitrary user code and read files (e.g., --file ./script.py). It therefore expects filesystem access and a local executor binary, but provides no guidance about how the executor is supplied or how sandboxing/isolation is enforced. That leaves broad discretion and potential for executing arbitrary code without demonstrated containment.
Install Mechanism
There is no install specification and no code files. Instruction-only skills are low-risk when they rely on already-present, declared tooling; here the documentation depends on a script that does not exist and no mechanism to obtain it is provided. This is an incoherence (missing artifact), not a safe-by-design implementation.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, it uses python3 and implies other runtimes (node, ruby, go) in examples without declaring required binaries or toolchain. Lack of declared binaries is a mismatch and should be addressed.
Persistence & Privilege
Defaults are used (always: false, model invocation allowed). There's no request for permanent presence or modification of other skills. Autonomous invocation is allowed but not combined with other privileged requests in this metadata.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jpeng-code-executor
  3. After installation, invoke the skill by name or use /jpeng-code-executor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of jpeng-code-executor - Safely execute code in sandboxed environments with support for Python, JavaScript, Bash, Ruby, and Go - Enforces resource limits (CPU, memory, execution time) and restricts network/file system access - Provides command-line interface to run code snippets or scripts from files - Default safety restrictions: 30s timeout, 512MB memory, no network, 1MB output limit
Metadata
Slug jpeng-code-executor
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Code Executor?

Safe code execution in sandboxed environments. Supports Python, JavaScript, Bash, and more with resource limits and timeout controls. It is an AI Agent Skill for Claude Code / OpenClaw, with 191 downloads so far.

How do I install Code Executor?

Run "/install jpeng-code-executor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Executor free?

Yes, Code Executor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Code Executor support?

Code Executor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Code Executor?

It is built and maintained by jpengcheng523-netizen (@jpengcheng523-netizen); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments